3.1 Field of the Invention
The technologies described herein relate to systems, software, and methods for the multi-level federation, allocation, distribution, and enforcement of information management policies in networks of computing and communications devices, and more particularly, to the multi-level federation, allocation, distribution, and enforcement of separately-sourced information management policies over a plurality of disparate sets of information within one or more such devices. The present invention has applications in the areas of computer science, computer network management, and computer security.
3.2 The Related Art
There have been many attempts to develop systems for information management policy enforcement that implement information protection (including preventing information leakage and limiting or controlling information movement) for information that is either “at rest” (i.e., information that is not subject to some change in state or location) or “in motion” (i.e., information that is subject to change of state or location). Current systems have addressed one or more aspects of the overall problem, but none has provided a complete solution. In fact, current systems are mutually exclusive, which prevents even simple combinations of techniques from being deployed on a single platform to provide enforcement using a combination of systems.
One particularly difficult challenge is that networks typically include devices that often have diverse capabilities for implementing policy controls, sometimes as a result of having differing operating systems, protection software, or configuration options. Existing implementation techniques require common capabilities across all devices, and often require a monolithic control structure. Alternatively, these techniques require the installation of common policy enforcement software, or require a set of parallel control silos that are not interoperable. Furthermore, existing techniques do not support integrating protection methods; e.g., protection of information while in use and protection while at rest are not addressed by any single solution. These requirements effectively prevent the sort of federation, allocation, and distribution of policies needed to provide protection for information at rest and in motion.
For example, among the existing techniques are those that segregate information on the basis of its type, thereby preventing access to, or co-mingling of, different types of information. Other existing techniques segregate information by the user currently in possession of the information (e.g., UIC-based protections and access control lists), or by the application that uses the information (e.g., iOS or Android OS application isolation). These techniques are typically implemented at the operating system level, are applied indiscriminately to all information on a device, and presume a single, common specification for control. Such assumptions are unacceptable for real world device use. For example, systems that permit “bring your own” devices (e.g., so-called smartphones, tablets, and laptops) cannot employ these techniques due to the plurality of sources of policy control, such as the device owner, an enterprise IT department, a network service provider, and the operating system (OS) vendor.
Additional challenges are present when policy enforcement components are embedded within the device operating system or firmware, which is often done to make enforcement hard to circumvent. This has the effect of causing the policy enforcement methods to be predetermined and inflexible. Alternatively, the system can require privileged access to install the necessary policy enforcement components on the device. However, in some cases it is not possible to install policy enforcement components at the operating system or firmware level due to a lack of privileged access permissions (e.g., root or administrator access). In other implementations, policy enforcement systems require specially developed applications or modification of stock applications in order to make the applications operate with the desired protections. These limitations combine to restrict the installation and use of policy enforcement components on a device, and restrict the activities of users by limiting their access to only those applications that have been customized to operate with the policy enforcement paradigms.
Existing information flow enforcement mechanisms, in addition to requiring privileged access while running on a device, are often limited in the types of information flows they can manage. To maintain policy-mandated control over information at rest, in motion, and in use, some means of managing information flow is required that can deal with all types of information flow under a single policy. What is needed is a system that may be installed and operated using whatever system resources and privileges are available, without requiring specially modified applications, and that may provide additional dynamically installed and configured controls over information and applications to augment protection available on the device as required to implement the specifications of the current policy.
Forms of information control that better meet real world needs have been offered that isolate applications and their data under the control of information owners, with policy control over information access and sharing by applications. One example of such an approach is described in co-pending U.S. patent application Ser. No. 13/316,426, which is incorporated herein by reference in its entirety and for all purposes. However, while such an approach is an important improvement over prior systems, it does not support a plurality of different points of control, where the control is effectively integrated and implemented by a device, or by an architecture comprising a plurality of devices, with each point of control having exclusive authority over its own data at all times.
The need remains for a common, integrated solution that provides for segregation, protection, and control of information on one or more devices while that information is at rest, in motion, or in use, and against such common perils as corruption of the information or loss of the device. The present invention meets these and other needs.